Adding Users to WildFly Security Realms
External
- EAP Documentation - Add a User to a Security Realm: https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#Add_a_User_to_a_Security_Realm1
Internal
Add a User to the Application Realm
This is an example of how to add a user to the application realm with add-user.sh.
C:\runtime\jboss-eap-6.0\bin>add-user.bat What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): b Enter the details of the new user to add. Realm (ApplicationRealm) : Username : test Password : Re-enter Password : What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: guest About to add user 'test' for realm 'ApplicationRealm' Is this correct yes/no? yes Added user 'test' to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-users.properties' Added user 'test' to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-users.properties' Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-roles.properties' Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-roles.properties' Is this new user going to be used for one AS process to connect to another AS process e.g. slave domain controller? yes/no? no Press any key to continue . . .
The script modifies the following files:
${JBOSS_HOME}/standalone/configuration/application-users.properties ${JBOSS_HOME}/standalone/configuration/application-roles.properties ${JBOSS_HOME}/standalone/domain/configuration/application-users.properties ${JBOSS_HOME}/standalone/domain/configuration/application-roles.properties
A WildFly process is not required to be present in order for the operation to succeed.
Add a User to the Management Realm
This is an example of how to add a user to the management realm with add-user.sh.
The procedure can be used for both adding node users or users corresponding to identities subordinate host controllers use when connecting to the domain controller.
If this user will be used only for node access and it does not correspond to a subordinate host controller, answer "no" to "Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls." below.
nombp1:bin ovidiu$ ./add-user.sh What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): a Enter the details of the new user to add. Using realm 'ManagementRealm' as discovered from the existing property files. Username : novaordis.management.user Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file. - The password must not be one of the following restricted values {root, admin, administrator} - The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s) - The password must be different from the username Password : Re-enter Password : What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: DomainManagement About to add user 'novaordis.management.user' for realm 'ManagementRealm' Is this correct yes/no? yes Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-users.properties' Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-users.properties' Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties' Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-groups.properties' Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls. yes/no? yes To represent the user add the following to the server-identities definition <secret value="bm9tdTEyMyE=" />
The script modifies the following files:
$JBOSS_HOME/standalone/configuration/mgmt-users.properties $JBOSS_HOME/domain/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties $JBOSS_HOME/domain/configuration/mgmt-groups.properties
A WildFly process is not required to be present in order for the operation to succeed.
For more details about the secret, see:
[[1]]